Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Mutual remote attestation between enclaves on different machines

Wu__Yuncheng
Beginner

Hi, suppose there are two enclaves Ea and Eb on two different machines, and Ea has a secret. Eb wants to retrieve this secret from Ea. I wonder if remote attestation can directly ensure that both enclaves can verify that the other enclave is genuine. 

 

I actually found several similar questions on the forum, but I get confused because the answers are not consistent. For example, the following answers claim that it is not possible. 

https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/776492

 

The following, however, claim that it is possible.

https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/804130

https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/814962

 

So, my question is whether mutual remote attestation between two remote enclaves is indeed possible. If so, is it simply a matter of doing remote attestation twice (one acts as an attester and the other acts as a challenger), or what is the proper and secure way to do so? I did find another solution (https://github.com/cloud-security-research/sgx-ra-tls) that could do mutual remote attestation, but that is based on a different framework and workflow. What I am concerned with is the classic remote attestation process, as presented in https://software.intel.com/en-us/articles/code-sample-intel-software-guard-extensions-remote-attestation-end-to-end-example.

 

Any advice would be highly appreciated.

 

Thanks and best regards,

Yuncheng

JesusG_Intel
Moderator

Hello Yuncheng,

It is indeed possible for two remote enclaves to attest each other as described in the latter two posts you linked. It seems that post 852293 has the most detailed advice on how to achieve this. However, your scenario is probably different and you will need to adjust accordingly.

Regards,

Jesus

Wu__Yuncheng
Beginner

Hi, Jesus. Thank you for your answer. I will try that way.
